SCADA systems are Process Control Systems (PCS) that monitor and control critical infrastructure such as the electric power, natural gas, oil, water and waste-water distribution and transmission systems. They are distributed systems consisting of a central master station and Human Machine Interface (HMI), Remote Terminal Units (RTUs) connected to sensors and actuators, and a communications infrastructure. SCADA systems have historically been designed without any information security considerations.
The use of private networks and proprietary protocols has provided some level of “security by obscurity” in the past. This is not sufficient to secure systems that control critical infrastructure. Many steps need to be taken to properly secure SCADA systems. To prevent attacks of this kind, SCADA operators need to be able to detect whether malicious software has been installed on RTUs.
At the core of these primitives lies a self-checking verification function that computes a checksum over its own instructions. A challenge-response protocol is employed between a trusted external verifier and the RTU: the external verifier sends a random challenge to the RTU, and the verification function running on the RTU computes a checksum over its own instructions and returns the result to the external verifier.
The checksum computation is designed in such a way that if an adversary tampers with this function, either the checksum will be incorrect or there will be a noticeable increase in the computation time. If the external verifier receives the correct checksum within the expected time, it can be sure that the verification function code on the device is unaltered.
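To make the protocol concrete, the following is an added Python simulation, not the verification function described above: the verifier issues a random challenge, the RTU-side function computes a checksum over its own code image in a challenge-dependent order, and the verifier accepts only a matching result that arrives within a time budget. The code image, SHA-256 as the mixing step, and the time budget are assumptions made for the illustration; a real attestation function is hand-tuned so that tampering itself causes the measurable slowdown.

```python
import hashlib
import hmac
import os
import time

# Constructed stand-in for the verification function's code image (not real RTU firmware).
GOOD_IMAGE = b"VERIFY_FN:" + bytes(range(256)) * 4


def self_checksum(image: bytes, challenge: bytes, rounds: int = 4096) -> bytes:
    """Checksum over `image`, seeded by the verifier's challenge.

    Each round reads a code word at a challenge-derived address and mixes it into
    the running state, so the device cannot precompute or replay an answer and
    every word of the image is very likely to be covered.  SHA-256 stands in for
    the hand-tuned checksum of a real attestation function (assumption).
    """
    state = hashlib.sha256(challenge).digest()
    last = len(image) - 4
    for i in range(rounds):
        addr = int.from_bytes(state[:4], "big") % (last + 1)
        word = image[addr:addr + 4]
        state = hashlib.sha256(state + word + i.to_bytes(4, "big")).digest()
    return state


class Verifier:
    """Trusted external verifier holding a known-good copy of the image."""

    def __init__(self, expected_image: bytes, time_budget_s: float):
        self.expected_image = expected_image
        self.time_budget_s = time_budget_s  # assumed bound on an honest RTU's response time

    def new_challenge(self) -> bytes:
        return os.urandom(16)  # fresh randomness defeats precomputed answers

    def accept(self, challenge: bytes, response: bytes, elapsed_s: float) -> bool:
        expected = self_checksum(self.expected_image, challenge)
        # Both conditions must hold: the correct value AND arrival within the time bound.
        return hmac.compare_digest(expected, response) and elapsed_s <= self.time_budget_s


def run_attestation(verifier: Verifier, device_image: bytes) -> bool:
    """One protocol run; `device_image` is whatever is actually installed on the RTU."""
    challenge = verifier.new_challenge()
    start = time.perf_counter()
    response = self_checksum(device_image, challenge)  # computed on the RTU side
    elapsed = time.perf_counter() - start
    return verifier.accept(challenge, response, elapsed)
```

Running `run_attestation` with an image that differs from the verifier's copy in even a few bytes yields a mismatched checksum, and a correct checksum that exceeds the budget is also rejected.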